AT&T AlienVault USM Review

It's based on an open source product and therefore fully customizable.


Valuable Features

Flexibility. As AlienVault is based on an open source product, it is possible to implement nearly everything, including fully customized plugins, scripts, etc. We haven't yet found any limitations.

Improvements to My Organization

We are now able to track any kind of threat including external (malware) or internal (people trying to bypass restrictions, USB keys etc.).

We are able to track changes in the authentication integrity (new user created, domain admin elevation, etc.) and get mail or tickets in cases of suspicious behavior.

It helps us with our ISO27001 compliance.

Room for Improvement

The search capabilities are not optimal and are going to be optimized in the next versions. For example, it is possible to search both username and IPs but not usernames and specific fields (aka user data) at the same time.

Documentation needs to be improved, especially due to the fact that AlienVault gets improved often with new features.

Vulnerability scanning does not support Nessus (after version 5), which is a leader in the market. The default vulnerability scanner is OpenVAS; it does the job, but the reports are not of the same quality as Nessus's.

Use of Solution

3+ years

Stability Issues

No stability issues were encountered.

Scalability Issues

No scalability issues, as the product is highly scalable. You have to take care of what you want to integrate and think of use cases instead of global log collection. In our opinion this is the key to success, as you will scale your infrastructure with what you really need.

Customer Service and Technical Support

Customer Service:

Customer service can be a great help depending on the kind of project. They are very reactive for commercial offers.

Technical Support:

Technical support is good and reactive, but you should also take the training to have better knowledge of the solution.

Previous Solutions

We chose this product because of:

  • Pricing model
  • Flexibility of the solution
  • Multi-tier architecture/scalability

Initial Setup

Yes, when you don't have experience with the product you have to learn and understand all the "concepts". In this case AlienVault generally provides "free" technical service through third-party companies so that you are able to operate something quickly.

Implementation Team

We started with the free technical support provided for the test period. Then we quickly took the product into our own hands, got certified on it and became independent.

ROI

The ROI is very good if you evaluate all the services which AlienVault can help you with: detection of malware, bad activities, suspicious behavior, etc. All these threats can create high financial loss, and a big part of them could be prevented using the SIEM.

Other Advice

If you don't want to overpay, and want to have something working, you have to make an assessment based on:

- what are your assets?
- what is the criticality of each one?
- what use cases do you want to implement?

From there, create a plan on how to implement them, limiting the number of collections to the minimum to avoid flooding of data and high costs due to an over-sized infrastructure.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
Tami Andrews (Vendor)

Thank you David for providing your feedback & assessment of working with USM.

26 June 17